EP3764259A1 - Systems and methods for secure endpoint connection and communication - Google Patents

Systems and methods for secure endpoint connection and communication

Info

Publication number
EP3764259A1
Authority
EP
European Patent Office
Prior art keywords
remote system
virtual machine
machine instance
application
communication
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP20178351.1A
Other languages
German (de)
English (en)
Other versions
EP3764259B1 (fr)
Inventor
Ahmad Arash Obaidi
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
T Mobile USA Inc
Original Assignee
T Mobile USA Inc
Application filed by T Mobile USA Inc
Publication of EP3764259A1
Application granted
Publication of EP3764259B1
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 9/00 Arrangements for program control, e.g. control units
    • G06F 9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F 9/44 Arrangements for executing specific programs
    • G06F 9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F 9/45533 Hypervisors; Virtual machine monitors
    • G06F 9/45558 Hypervisor-specific management and integration aspects
    • G06F 2009/45562 Creating, deleting, cloning virtual machine instances
    • G06F 2009/4557 Distribution of virtual machine instances; Migration and load balancing
    • G06F 2009/45587 Isolation or security of virtual machine instances
    • G06F 2009/45595 Network integration; Enabling network access in virtual machine instances
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F 21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/50 Network services
    • H04L 67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W 4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W 4/20 Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel
    • H04W 12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W 12/06 Authentication
    • H04W 12/069 Authentication using certificates or pre-shared keys

Definitions

  • Examples of the present disclosure relate generally to security, and, more particularly, to secure connection and communication with dynamic creation and enforcement of virtual machine (VM) protocols to secure both ends of a remote connection.
  • encryption has been used to address some of these concerns.
  • encryption presents a number of drawbacks. For example, encrypting data presents an overhead both when the data is encrypted, and anytime the data is used (as it must be decrypted) and modified (as the modified data must be re-encrypted).
  • encryption fails to protect sensitive data adequately in various circumstances. For example, encryption of data does not prevent spying when the computer system itself is compromised (e.g., compromised through a lack of data isolation).
  • communicating with a third-party system leaves the data vulnerable to breaches in the third-party system.
  • a first device instantiates an isolated virtual machine (VM) instance, executes an application for communication in the VM instance, and attests to this arrangement to an attesting server. Then, before the first device connects with a second device, the first device requests from the attestation server whether the second device is likewise validly operating with the VM. If the server attests that the second device is validly operating, the first device will connect to the second device and communicate therewith. Once the communication is complete, the first device can close the application and delete the VM instance.
  • a secure root certificate is used to guarantee the attestation.
  • the user may be presented options for persisting information related to the communication.
  • a user may desire to save an image received by the application executed on the VM.
  • the user may instruct the VM instance to persist the image in a cloud storage program, which may be accessed by the user after the VM instance is deleted.
  • an unmanned aerial vehicle (UAV) and a monitoring station may communicate with video capture and streaming programs, respectively. Before establishing a connection, the UAV may require the monitoring station to execute the streaming program within a VM. Once the VM use is attested to, the UAV may provide its video stream to the monitoring station.
  • an example of the present disclosure can comprise a system environment 100 in which endpoint connection and communication in accordance with some examples of the present disclosure may be performed.
  • the system environment 100 can include one or more Attestation Nodes 110A-110m, one or more Providers 120A-120n, and one or more UEs 130A-130o.
  • Attestation Node 110, Provider 120, and UE 130 may communicate with one another.
  • Attestation Nodes 110A-110m, one or more of Providers 120A-120n, and one or more of UEs 130A-130o may communicate with each other (e.g., UE 130A may communicate with UE 130B).
  • Attestation Nodes 110A-110m, the one or more Providers 120A-120n, and the one or more UEs 130A-130o may each include one or more processors, memories, root certificates, and/or transceivers.
  • the one or more UEs 130A-130o may be cell phones, smartphones, laptop computers, tablets, or other personal computing devices that include the ability to communicate on one or more different types of networks.
  • Attestation Nodes 110A-110m and/or the one or more Providers 120A-120n may include one or more physical or logical devices (e.g., servers, cloud servers, access points, etc.) or drives.
  • Example computer architectures that may be used to implement UEs 130A-130o, Attestation Nodes 110A-110m, and Providers 120A-120n are described below with reference to FIGS. 6 and 7 .
  • a security process may instantiate a VM instance and execute the application on the VM instance.
  • UE 130 and/or Provider 120 create a certificate (e.g., a root certificate) for the VM instance and transmit the attestation to an attestation server 110.
  • Before UE 130 and/or Provider 120 connects with another device, it requests attestation of the other device from Attestation Node 110. If the other device is deemed to be executing within a secure VM environment, UE 130 and/or Provider 120 connects to the other device.
  • Attestation Nodes 110A-110m may serve as an authority for secure operation.
  • Attestation Nodes 110A-110m may be nodes of a private blockchain that stores attestations of the use of the VM environment by UE 130 and Provider 120.
  • the attestations may be received from UE 130 and Provider 120.
  • the attestations may be root attestations corresponding to a hardware root certificate of UE 130 and/or Provider 120.
  • Attestation Node 110 receives a request for attestation information of a particular device, it refers to the previously received attestations to determine whether the particular device is validly executing in a virtual instance.
  • Attestation Nodes 110A-110m may be maintained by respective known/trusted entities. For example, in some embodiments, a plurality of cellular providers (who also maintain Providers 120A-120n) may each maintain one or more of Attestation Nodes 110A-110m.
  • Providers 120A-n provide one or more services to UE 130 and can communicate with one or more of Attestation Nodes 110A-110m. Providers 120A-n may also communicate with UE 130. For example, Providers 120A-n may serve as application servers corresponding to different applications (e.g., banking, mapping, web search, messaging, etc.). Providers 120A-n may attest to their execution of VMs to one or more of Attestation Nodes 110A-110m. Provider 120 may utilize a hardware root certificate to generate an attestation of a VM instance running thereon, for example, when the VM is instantiated or when the application executes. Providers 120 may attest to one or more of Attestation Nodes 110A-110m that Provider 120 is communicating within a secure VM instance.
  • the first provider will check with one or more of Attestation Nodes 110A-110m to determine whether the second provider has attested to its execution within a VM instance.
  • the second provider will check with one or more of Attestation Nodes 110A-110m to determine whether the first provider has attested to its execution within a VM instance. If both the first and second providers have attested accordingly to Attestation Nodes 110A-110m, the first and second providers will connect to each other.
  • UE 130 may communicate with the at least one Attestation Node 110 and at least one Provider 120. UE 130 may attest to its execution of VMs to one or more of Attestation Nodes 110A-110m. UE 130 may utilize a hardware root certificate to generate an attestation of a VM instance running thereon, for example, when the VM is instantiated or when the application executes. UE 130 may attest to one or more of Attestation Nodes 110A-110m that UE 130 is communicating within a secure VM instance.
  • When UE 130 wants to interact with a Provider 120 or another device (e.g., another UE 130), such as in response to a request from a user, UE 130 checks with one or more of Attestation Nodes 110A-110m to determine whether the provider or other device has attested to its execution within a VM instance. If one or more of Attestation Nodes 110A-110m confirms that Provider 120 or the other device has so attested, UE 130 connects to it. If Attestation Nodes 110A-110m indicate that Provider 120 or the other device has not attested (or its attestation indicates that the device is invalid), UE 130 does not connect to it.
  • UE 130 may output a notice (e.g., to a user of UE 130 via a graphical user interface) that Provider 120 or other device is potentially operating in a compromised environment.
  • the user may be able to instruct or command UE 130 (e.g., through the graphical user interface) to connect to Provider 120 or other device despite the attestation of invalidity.
  • Attestation Nodes 110A-110m, Providers 120A-120n, and UEs 130A-130o may be associated with respective entities.
  • each Provider 120 may be a physical device (e.g., server, access point, or network node) controlled by a cellular provider of a plurality of cellular providers or one or more business entities.
  • each Attestation Node 110 may be maintained or associated with a cellular provider among the plurality of cellular providers, e.g., for cellular or data service.
  • Each UE 130 may subscribe to a cellular provider among the plurality of cellular providers.
  • Providers 120A-120n may communicate with Attestation Nodes 110A-110m associated with a same cellular provider.
  • UEs 130A-130o may likewise communicate with Attestation Nodes 110A-110m associated with a same cellular provider. In this way, the authority of Attestation Nodes 110A-110m may be established through the cellular provider (e.g., respective entities).
  • FIG. 2A illustrates a timing diagram for an example of a method 200a for providing secure endpoint communication in accordance with aspects of the present disclosure.
  • the timing diagram illustrates a UE 130, a Provider 120, and an Attestation Node 110.
  • UE 130, Provider 120, and Attestation Node 110 may all be associated with a same first cellular provider.
  • UE 130 receives an indication to execute an application (e.g., a user instruction to launch an application).
  • UE 130 instantiates a VM instance and executes the application within the VM instance.
  • a hypervisor executing on UE 130 may instantiate an isolated VM instance for the application.
  • UE 130 may then create an attestation to the application operating within the VM instance.
  • a root hardware certificate may be generated for the VM instance.
  • UE 130 may attest to its security status to Node 110 (e.g., by sharing the generated root hardware certificate).
  • a hypervisor of UE 130 may instantiate the VM instance and allocate hardware resources (e.g., processor power, memory) to the VM instance.
  • the VM instance may include a copy of a primary operating system of UE 130.
  • the hypervisor may instantiate the VM with a different operating system (e.g., type or version number), and/or a customized version of the operating system. For example, if certain functionality is known to be unneeded for an application executing within the VM instance, a hypervisor may select an operating system that does not provide those features. This can reduce overhead in instantiating and deleting the VM instance, as well as limiting the required hardware allocation.
  • UE 130 sends a communication request to Provider 120.
  • the request may indicate that UE 130 requires Provider 120 to communicate with it from within an isolated VM instance (e.g., to prevent eavesdropping).
  • the request may be directed to a subroutine of Provider 120.
  • the request may be directed to a communication application of Provider 120, which may request the instantiation of a VM instance from a hypervisor.
  • Provider 120 instantiates a VM instance (230a), executes the application within the VM instance for communication (235a), creates an attestation to the application operating within the VM instance (240a), and attests to its security status to Node 110 (245a).
  • instantiating the VM instance at 230a may be triggered by the request from UE 130.
  • a hypervisor of Provider 120 may instantiate the VM instance and allocate hardware resources (e.g., processor power, memory) to the VM instance.
  • the hypervisor may instantiate the VM instance with a same or different operating system (e.g., type or version number) as a primary operating system of Provider 120, and/or a customized version of the operating system, for example, in a way that may reduce overhead or latency of the VM instance.
  • Prior to connecting, at 250a and 255a, each of UE 130 and Provider 120 requests or "polls" Attestation Node 110 for attestation information indicating that the other is operating within a secure VM environment.
  • Provider 120 may poll Attestation Node 110 in response to receiving the request from UE 130, and UE 130 may poll Attestation Node 110 in response to receiving a communication response indicating that Provider 120 wants to connect to UE 130.
  • At 260a, Node 110 provides to UE 130 the attestation information that Provider 120 is operating a VM instance.
  • At 265a, Node 110 provides to Provider 120 the attestation information that UE 130 is operating a VM instance.
  • After receiving the attestation, UE 130 and Provider 120 establish a connection and communicate through applications executing on the respective VM instances.
  • UE 130 and Provider 120 close the application.
  • UE 130 and Provider 120 delete the respective VM instances.
  • UE 130 may provide an opportunity to save data from the communication link. For example, UE 130 may (e.g., under the direction of a user) store data (e.g., communication information) from the VM instance in a cloud service and/or encrypt the data on UE 130. In some cases, when the connection is closed, the VM instance may connect to an operating system on UE 130 and provide the data to the operating system for persistence on UE 130.
  • FIG. 2B illustrates a timing diagram for an example of a method 200b for providing secure endpoint communication in accordance with aspects of the present disclosure.
  • the timing diagram illustrates a UE 130, a Provider 120, and an Attestation Node 110.
  • Provider 120 receives an indication to communicate with UE 130 (e.g., to send a notification to UE 130).
  • Provider 120 sends a communication request to UE 130.
  • UE 130 receives the communication request and instantiates a VM instance to execute an application for communicating with Provider 120 within the VM instance.
  • a hypervisor executing on UE 130 may instantiate an isolated VM instance for the application.
  • UE 130 may then create an attestation to the application operating within the VM instance. For example, a root hardware certificate may be generated for the VM instance.
  • UE 130 may attest to its security status to Node 110 (e.g., by sharing the generated root hardware certificate).
  • instantiating the VM instance at 230b may be triggered by the request from Provider 120 and/or identifying the application to communicate with Provider 120.
  • Prior to connecting, at 235b, UE 130 requests or "polls" Attestation Node 110 for attestation information indicating that Provider 120 is operating within a secure VM environment.
  • Node 110 provides to UE 130 the attestation information that Provider 120 is not operating a VM instance. Accordingly, at 245b, UE 130 denies the request to communicate from Provider 120.
  • UE 130 may notify a user that Provider 120 is not operating a VM instance and shared data may be compromised.
  • UE 130 may establish a connection with Provider 120.
  • UE 130 may notify Provider 120 that it requires Provider 120 to communicate with it from within an isolated VM instance (e.g., to prevent eavesdropping). Provider 120 may then be given an opportunity to instantiate a VM and execute a communication application therein.
  • UE 130 and/or Provider 120 may check the requisite application and/or security protocols. If and only if the application and/or security protocols require the application to execute within a VM instance will UE 130 and Provider 120 instantiate the VM instance.
  • the types of applications necessary to be executed within a VM instance may be identified and/or selected by a user (e.g., pre-existing user selection).
  • different functionality or sessions of a same application may be required to execute within different VM instances.
  • a messaging application may require each message thread (e.g., each conversation with different contacts) to be executed within different VM instances.
  • FIG. 2C illustrates a timing diagram for an example of a method 200c for providing secure endpoint communication in accordance with aspects of the present disclosure.
  • the timing diagram illustrates a UE 130, a Provider 120, and an Attestation Node 110.
  • UE 130, Provider 120, and Attestation Node 110 may all be associated with a same first cellular provider.
  • UE 130 instantiates a VM instance and executes an application within the VM instance.
  • a hypervisor executing on UE 130 may instantiate an isolated VM instance for the application.
  • UE 130 may then create an attestation to the application operating within the VM instance.
  • a root hardware certificate may be generated for the VM instance.
  • UE 130 may attest to its security status to Node 110 (e.g., by sharing the generated root hardware certificate).
  • the features may be substantially similar to corresponding features discussed above with reference to FIG. 2A .
  • UE 130 sends a communication request to Provider 120.
  • the request may indicate that UE 130 requires Provider 120 to communicate with it from within an isolated VM instance (e.g., to prevent eavesdropping).
  • the request may be directed to a subroutine of Provider 120.
  • the request may be directed to a communication application of Provider 120, which may request the instantiation of a VM instance from a hypervisor.
  • Provider 120 requests or "polls" Attestation Node 110 for attestation information indicating that UE 130 is operating within a secure VM environment. For example, Provider 120 may poll Attestation Node 110 in response to receiving the request from UE 130. At 230c, Node 110 provides to Provider 120 the attestation information that UE 130 is operating a VM instance.
  • Provider 120 instantiates a VM instance (235c), executes the application within the VM instance for communication (240c), creates an attestation to the application operating within the VM instance (245c), and attests to its security status to Node 110 (250c).
  • these actions may be substantially similar to like actions performed by UE 130.
  • instantiating the VM instance at 235c may be triggered by the request from UE 130.
  • Provider 120 indicates to UE 130 (e.g., through the application executing on its VM instance) that it approves the request to communicate.
  • Prior to connecting, at 260c, UE 130 requests or "polls" Attestation Node 110 for attestation information indicating that Provider 120 is operating within a secure VM environment. For example, UE 130 may poll Attestation Node 110 in response to receiving the communication response indicating that Provider 120 wants to connect to UE 130. At 265c, Node 110 provides to UE 130 the attestation information that Provider 120 is operating a VM instance. At 270c, after receiving the attestation, UE 130 and Provider 120 establish a connection and communicate through applications executing on the respective VM instances.
  • UE 130 and Provider 120 may close the application.
  • UE 130 and Provider 120 may delete the respective VM instances.
  • FIG. 3 illustrates a flowchart for an example of a method 300 for providing secure endpoint communication in accordance with aspects of the present disclosure.
  • the flowchart illustrates method 300 from the perspective of UE 130 (e.g., UE 130A-130o or a local system).
  • UE 130 may communicate with a remote system (e.g., Provider 120) to, for example, access and/or modify a user account.
  • UE 130 may communicate with one or more Attestation Nodes 110 (e.g., Nodes 110A-110m) to attest to its own use of VM instances.
  • UE 130 instantiates a VM instance.
  • the instantiation may be, for example, in response to a user request to execute an application and/or in response to receiving a communication request from a remote system (e.g., Provider 120 or another UE 130A-130o).
  • instantiation of a VM instance may only occur if the application is designated to require isolation.
  • UE 130 generates a certificate for the VM instance.
  • the certificate may be based on a root certificate for the underlying hardware of UE 130.
  • the root certificate may be an unalterable characteristic of a processor executing on UE 130.
  • UE 130 executes the application on or within the VM instance on UE 130. By operating within the VM instance, the application may be isolated from vulnerabilities of UE 130 caused by other applications.
  • UE 130 attests to its use of VM instance to execute the application to a server (e.g., Attestation Node 110). For example, UE 130 may share its certificate for the VM instance with the server.
  • UE 130 may then accept the request to communicate and establish a communication link with a remote system and, at 360, communicate with the remote system through the communication link.
  • FIG. 4 is a flowchart of an example of a method 400 for providing secure endpoint communication in accordance with aspects of the present disclosure.
  • the flowchart is from the perspective of a UE 130 (e.g., UE 130A-130o or a local system) in communication with an Attestation Node 110 (e.g., one or more of Nodes 110A-110m) and a remote system (e.g., Provider 120A-120n).
  • UE 130 may receive an indication to connect with Provider 120, and, prior to connection, determine whether Provider 120 is communicating through a VM instance.
  • UE 130 instantiates a VM instance.
  • the instantiation may be, for example, in response to a user request to execute an application and/or in response to receiving a communication request from a remote system (e.g., Provider 120 or another UE 130A-o), hereafter referred to as Provider 120 in the discussion of FIG. 4 .
  • instantiation of a VM instance may only occur if the application is designated to require isolation.
  • UE 130 generates a certificate for the VM instance.
  • the certificate may be based on a root certificate for the underlying hardware of UE 130.
  • the root certificate may be an unalterable characteristic of a processor executing on UE 130.
  • UE 130 executes the application within the VM instance on UE 130.
  • the application may be isolated from vulnerabilities of UE 130 caused by other applications.
  • UE 130 attests to its use of a VM instance to execute the application to a server (e.g., Attestation Node 110). For example, UE 130 may share its certificate for the VM instance with the server.
  • UE 130 requests an attestation of Provider 120 from Attestation Node 110.
  • Node 110 may be a node from a plurality of Attestation Nodes 110A-110m that are related to a same entity (e.g., cellular service provider), hardware provider (e.g., make of a processor of UE 130), or account manager (e.g., bank account manager) as UE 130.
  • the request for attestation may include an address of Provider 120.
  • Node 110 may then look up Provider 120's attestation based on that address and provide the attestation to UE 130. In some cases, such a request may only be made if the application executing on UE 130 requires Provider 120 to communicate through a VM instance (e.g., based on application and/or security rules).
  • UE 130 determines whether the provider is validly communicating through a VM instance. For example, UE 130 determines whether the attestation from Node 110 indicates that Provider 120 is potentially compromised.
  • If Provider 120 is determined to be communicating through a VM instance (460-Yes), then, at 470, UE 130 establishes a connection with Provider 120. UE 130 and Provider 120 may then exchange data. However, if Provider 120 is determined to not be communicating through a VM instance (460-No), then, at 480, UE 130 denies the request for connection with Provider 120. In some cases, UE 130 may output a notice that Provider 120 is potentially compromised. A user of UE 130 may, in some implementations, override the decision and instruct UE 130 to connect to Provider 120.
  • FIG. 4 is described in terms of UE 130 connecting with a Provider 120. However, this is merely an example. In light of the present disclosure, one of ordinary skill will recognize that various other systems (e.g., UEs 130A-130o and/or Providers 120A-120n) can perform a similar method when connecting to a device as described above, so long as the connecting device has attested to its implementation of VM instances consistent with this application.
  • FIG. 5 illustrates a flowchart for an example of a method 500 for providing secure endpoint communication in accordance with aspects of the present disclosure.
  • the flowchart illustrates method 500 from the perspective of UE 130 (e.g., UE 130A-130o or a local system).
  • UE 130 may communicate with a remote system (e.g., Provider 120) to, for example, access and/or modify a user account.
  • UE 130 may communicate with one or more Attestation Nodes 110 (e.g., Nodes 110A-110m) to attest to its own use of VM instances.
  • UE 130 receives a communication request from a remote system (e.g., from Provider 120 or another UE 130A-o).
  • the communication request may indicate an application that is to be used to communicate with the remote system, hereafter referred to as Provider 120 in the discussion of FIG. 5.
  • the request may indicate that a VM instance is required for the communication.
  • UE 130 requests an attestation of Provider 120 from Attestation Node 110.
  • Node 110 may be a node from a plurality of Attestation Nodes 110A-110m that are related to a same entity (e.g., cellular service provider), hardware provider (e.g., make of a processor of UE 130), or account manager (e.g., bank account manager) as UE 130.
  • the request for attestation may include an address of Provider 120.
  • Node 110 may then look up Provider 120's attestation based on that address and provide the attestation to UE 130. In some cases, such a request may only be made if UE 130 requires Provider 120 to communicate through a VM instance (e.g., based on application and/or security rules).
  • UE 130 determines whether the provider is validly communicating through a VM instance. For example, UE 130 determines whether the attestation from Node 110 indicates that Provider 120 is potentially compromised. If Provider 120 is determined to not be communicating through a VM instance (530-No), then, at 535, UE 130 denies the request for connection with Provider 120. In some cases, UE 130 may output a notice that Provider 120 is potentially compromised. A user of UE 130 may, in some implementations, override the decision and instruct UE 130 to connect to Provider 120. In some cases, UE 130 may notify Provider 120 that communication must be performed through a secure VM instance (i.e., before or with the denial).
  • UE 130 instantiates a VM instance. In some cases, instantiation of a VM instance may only occur if the application is designated to require isolation, or if the request indicates that Provider 120 requires communication through an isolated VM instance.
  • UE 130 generates a certificate for the VM instance.
  • the certificate may be based on a root certificate for the underlying hardware of UE 130.
  • the root certificate may be an unalterable characteristic of a processor executing on UE 130.
  • UE 130 executes the application on or within the VM instance on UE 130. By operating within the VM instance, the application may be isolated from vulnerabilities of UE 130 caused by other applications.
  • UE 130 attests to its use of the VM instance to execute the application to a server (e.g., Attestation Node 110). For example, UE 130 may share its certificate for the VM instance with the server.
  • UE 130 may then accept the request to communicate and establish a communication link with remote system and, at 590, communicate with the remote system through the communication link.
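The outbound flow of FIG. 4 (method 400) and the inbound flow of FIG. 5 (method 500) use the same building blocks: a hypervisor that starts a VM instance, a certificate for that instance derived from the device's unalterable hardware root, an Attestation Node that keeps a ledger of self-attestations keyed by address, and a connect/deny decision (with optional user override) driven by the node's answer. The Python model below is an added example and not code from the patent or its assignee. It assumes that "based on a root certificate" can be modelled as an HMAC keyed by the root, that the node knows the root of each hardware make it is related to, and that the node records an attestation only when the certificate derives from the claimed root; the addresses, makes and measurements are constructed for illustration.

```python
"""Added model of the FIG. 4 / FIG. 5 attestation flows (not the patent's own code)."""
import hashlib
import hmac
from dataclasses import dataclass


def derive_vm_certificate(root_certificate: bytes, vm_measurement: str) -> str:
    """Certificate 'based on' the hardware root: HMAC-SHA256 of the VM measurement
    keyed by the root certificate (assumed construction)."""
    return hmac.new(root_certificate, vm_measurement.encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Attestation:  # one self-attestation entry on the node's ledger
    address: str
    vm_measurement: str
    certificate: str


class AttestationNode:
    """Attestation Node 110: verifies and records self-attestations, answers lookups.
    root_by_make models the node knowing each related hardware make's root (assumption)."""

    def __init__(self, root_by_make: dict):
        self.root_by_make = dict(root_by_make)
        self.ledger = {}  # address -> Attestation

    def record(self, address: str, make: str, vm_measurement: str, certificate: str) -> bool:
        root = self.root_by_make.get(make)
        if root is None:
            return False  # unknown hardware make: nothing to check the certificate against
        expected = derive_vm_certificate(root, vm_measurement)
        if not hmac.compare_digest(expected, certificate):
            return False  # certificate does not derive from the claimed root
        self.ledger[address] = Attestation(address, vm_measurement, certificate)
        return True

    def lookup(self, address: str):
        """Attestation request by address (steps 440 / 520); None means not attested."""
        return self.ledger.get(address)


class Endpoint:
    """A UE 130 or Provider 120: unalterable hardware root plus a hypervisor."""

    def __init__(self, address: str, make: str, root_certificate: bytes):
        self.address, self.make = address, make
        self._root = root_certificate  # unalterable characteristic of the processor
        self.vm = None  # (application, measurement) of the running VM instance

    def instantiate_vm(self, app_name: str) -> str:
        """Hypervisor starts a fresh VM and measures it together with the app it runs."""
        measurement = hashlib.sha256(f"vm-image:{app_name}".encode()).hexdigest()
        self.vm = (app_name, measurement)
        return measurement

    def attest(self, node: AttestationNode) -> bool:
        """Share the VM certificate with the node (steps 450 / 580)."""
        _, measurement = self.vm
        cert = derive_vm_certificate(self._root, measurement)
        return node.record(self.address, self.make, measurement, cert)

    def remote_is_isolated(self, node: AttestationNode, remote: str) -> bool:
        """Steps 460 / 530: does the ledger show the remote communicating through a VM?"""
        return node.lookup(remote) is not None

    def connect(self, node, remote, app_name, requires_isolation=True, user_override=False) -> str:
        """FIG. 4: isolate and attest locally, then decide on the remote (470 / 480)."""
        if requires_isolation:
            self.instantiate_vm(app_name)
            self.attest(node)
        if self.remote_is_isolated(node, remote):
            return "connected"
        return "connected-by-override" if user_override else "denied"

    def handle_request(self, node, remote, app_name, vm_required) -> str:
        """FIG. 5: check the remote first (535), then isolate, attest and accept (590)."""
        if not self.remote_is_isolated(node, remote):
            return "denied: communicate through a secure VM instance"
        if vm_required:
            self.instantiate_vm(app_name)
            if not self.attest(node):
                return "denied: local attestation failed"
        return "accepted"


def demo() -> dict:
    """Constructed scenario: an honest provider and one whose root does not match its make."""
    roots = {"vendor-a": b"constructed-root-a", "vendor-b": b"constructed-root-b"}
    node = AttestationNode(roots)
    ue = Endpoint("ue-1", "vendor-a", roots["vendor-a"])
    bank = Endpoint("bank.example", "vendor-b", roots["vendor-b"])
    rogue = Endpoint("rogue.example", "vendor-b", b"some-other-root")  # claims vendor-b
    bank.instantiate_vm("banking-service")
    rogue.instantiate_vm("banking-service")
    return {
        "bank_attested": bank.attest(node),
        "rogue_attested": rogue.attest(node),
        "connect_bank": ue.connect(node, "bank.example", "banking-app"),
        "connect_rogue": ue.connect(node, "rogue.example", "banking-app"),
        "connect_rogue_override": ue.connect(node, "rogue.example", "banking-app", user_override=True),
        "inbound_from_bank": ue.handle_request(node, "bank.example", "banking-app", vm_required=True),
        "inbound_from_rogue": ue.handle_request(node, "rogue.example", "banking-app", vm_required=True),
        "ue_on_ledger": node.lookup("ue-1") is not None,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The rogue endpoint is denied not because the node detected malware but because its ledger has no entry for that address: its certificate did not derive from the root of the hardware make it claimed, so `record` refused it. That is the whole check the flows rely on, which is why the node's knowledge of genuine roots, and the override path, are the parts a deployment has to guard.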
  • While methods 200a, 200b, 200c, 300, 400, 500 have generally been described in regard to communication between UE 130 and Provider 120, these are merely examples.
  • One of ordinary skill will recognize that aspects of the present disclosure may be implemented in communication protocols for various devices and device pairs (e.g., one or more UEs 130A-o, Providers 120A-m, and/or other devices or systems).
  • UE 130 is described herein generally as a cell phone or smartphone.
  • the system environment 100 and methods 200a, 200b, 200c, 300, 400, 500 may also be used with a variety of other electronic devices, such as, for example, tablet computers, laptops, desktops, and other network-connected (e.g., cellular or IP network) devices from which a call may be placed, a text may be sent, and/or data may be received.
  • UE 130 may comprise a number of components to execute the above-mentioned functions and apps. As discussed below, UE 130 may comprise memory 602 including many common features such as, for example, contacts 604, a calendar 606, a call log (or, call history) 608, operating system (OS) 610, and one or more applications, such as connection app 612, and a hypervisor 613.
  • UE 130 may also comprise one or more root certificates 614 and one or more system processors 616.
  • the system processor(s) 616 can include a central processing unit (CPU), a graphics processing unit (GPU), or both CPU and GPU, or any other sort of processing unit.
  • UE 130 may also include one or more of removable storage 618, non-removable storage 620, one or more transceiver(s) 622, output device(s) 624, and input device(s) 626.
  • the root certificate 614 may be used to provide a means for attesting to VM instance utilization. For example, when a VM instance is instantiated, the VM instance may be hashed with the root certificate to generate an attestation certificate.
  • System processor 616 may be configured to receive a request to connect to an external device (e.g., another UE 130 or a Provider 120). The request may be received through input device 626 and/or through automatic routing. System processor 616 may request (e.g., from Node 110) attestation of the external device. The attestation may attest to the external device's use of VM instances, for example, on a ledger of the Attestation Node 110. Based on the attestation, the system processor 616 may either establish a connection with the external device (if the external device is determined to be communicating through a VM instance), or deny the request to connect to the external device (if the external device is determined to be potentially compromised).
  • the memory 602 may be volatile (such as random-access memory (RAM)), non-volatile (such as read-only memory (ROM), flash memory, etc.), or some combination of the two.
  • the memory 602 may include all, or part, of the functions 604, 606, 608, 612, and the OS 610 for UE 130, among other things.
  • the memory 602 may also comprise contacts 604, which can include names, numbers, addresses, and other information about the user's business and personal acquaintances, among other things.
  • the memory 602 may also include a calendar 606, or other software, to enable the user to track appointments and calls, schedule meetings, and provide similar functions.
  • the memory 602 may also comprise the call log 608 of calls received, missed, and placed from UE 130. As usual, the call log 608 may include timestamps for each call for use by the system environment 100.
  • the memory 602 can also include other software such as, for example, e-mail, text messaging, social media, and utilities (e.g., calculators, clocks, compasses, etc.).
  • the memory 602 may also include the OS 610.
  • the OS 610 varies depending on the manufacturer of UE 130 and currently comprises, for example, iOS 12.1.4 for Apple products and Pie for Android products.
  • the OS 610 contains the modules and software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.
  • UE 130 may also include the connection app 612 and a hypervisor 613.
  • the connection app 612 and hypervisor 613 may perform some, or all, of the functions discussed above with respect to the methods 200a, 200b, 200c, 300, 400, and 500 for interactions occurring between UE 130 and an external device (e.g., another UE 130, Provider 120, and/or Attestation Nodes 110).
  • hypervisor 613 may instantiate a VM instance, and connection app 612 may be executed within the VM instance.
  • the connection app 612 may then communicate with Provider 120 without fear that other applications on UE 130 will eavesdrop on connection app 612.
  • the hypervisor may be a native hypervisor executing outside of OS 610.
  • this is merely an example and, in an example, hypervisor 613 is hosted by OS 610.
  • UE 130 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape.
  • additional storage is illustrated in FIG. 6 by removable storage 618 and non-removable storage 620.
  • the removable storage 618 and non-removable storage 620 can store some, or all, of the functions 604, 606, 608, 612, and the OS 610.
  • Non-transitory computer-readable media may include volatile and nonvolatile, removable and non-removable tangible, physical media implemented in technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • the memory 602, removable storage 618, and non-removable storage 620 are all examples of non-transitory computer-readable media.
  • Non-transitory computer-readable media include, but are not limited to, RAM, ROM, electronically erasable programmable ROM (EEPROM), flash memory or other memory technology, compact disc ROM (CD-ROM), digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other tangible, physical medium which can be used to store the desired information and which can be accessed by UE 130. Any such non-transitory computer-readable media may be part of UE 130 or may be a separate database, databank, remote server, or cloud-based server.
  • the transceiver(s) 622 may include any sort of transceivers known in the art.
  • the transceiver(s) 622 can include a wireless modem to facilitate wireless connectivity with the other UEs, the Internet, and/or an intranet via a cellular connection.
  • the transceiver(s) 622 may include a radio transceiver that performs the function of transmitting and receiving radio frequency communications via an antenna (e.g., Wi-Fi or Bluetooth®).
  • the transceiver(s) 622 may include wired communication components, such as a wired modem or Ethernet port, for communicating with the other UE or the provider's Internet-based network. In this case, the transceiver(s) 622 can also enable UE 130 to communicate with the Nodes 110 and Providers 120, as described herein.
  • output device(s) 624 include any sort of output devices known in the art, such as a display (e.g., a liquid crystal or thin-film transistor (TFT) display), a touchscreen display, speakers, a vibrating mechanism, or a tactile feedback mechanism.
  • output device(s) 624 can play various sounds based on, for example, whether UE 130 is connected to a network, the type of call being received (e.g., video calls vs. voice calls), the number of active calls, etc.
  • output device(s) 624 can play a sound or display a graphic when a new connection (e.g., with Provider 120) is requested, a Provider 120 is determined to be compromised, a connection is successful, etc.
  • Output device(s) 624 also include ports for one or more peripheral devices, such as headphones, peripheral speakers, or a peripheral display.
  • input device(s) 626 include any sort of input devices known in the art.
  • the input device(s) 626 may include, for example, a camera, a microphone, a keyboard/keypad, or a touch-sensitive display.
  • a keyboard/keypad may be a standard pushbutton alphanumeric, multi-key keyboard (such as a conventional QWERTY keyboard), virtual controls on a touchscreen, or one or more other types of keys or buttons, and may also include a joystick, wheel, and/or designated navigation buttons, or the like.
  • the system environment 100 and methods 200a, 200b, 200c, 300, 400, 500 may also be used in conjunction with a server 700 (e.g., Provider 120 and/or Attestation Node 110).
  • the server 700 can comprise, for example, a desktop or laptop computer, a server, bank of servers, or cloud-based server bank.
  • while the server 700 is depicted as a single standalone server, other configurations or existing components could be used.
  • the server 700 may comprise existing network entities such as, for example, a home location register (HLR), home subscriber service (HSS), a third-generation partnership project authentication, authorization and accounting (3GPP AAA) server, or another server or component.
  • the server 700 may implement aspects of Provider 120 and/or Node 110.
  • the server 700 may comprise a number of components to execute the above-mentioned functions and apps.
  • the server 700 may comprise memory 702 including many common features such as, for example, the OS 710.
  • the memory 702 may be volatile (such as random access memory (RAM)), non-volatile (such as read-only memory (ROM), flash memory, etc.), or some combination of the two.
  • the memory 702 may include all, or part, of the functions of a connection app 704 and hypervisor 713, among other things.
  • the memory 702 may also include the OS 710.
  • the OS 710 varies depending on the manufacturer of the server 700 and the type of component. Many servers, for example, run Linux or Windows Server. Dedicated cellular routing servers may run specific telecommunications OS 710.
  • the OS 710 contains the modules and software that supports a computer's basic functions, such as scheduling tasks, executing applications, and controlling peripherals.
  • a connection app 704 may provide communication between the server 700 and external systems (e.g., UE 130, other Providers 120, and/or Nodes 110).
  • Hypervisor 713 may instantiate, manage, and delete VM instances and/or applications (e.g., connection app 704) executing thereon.
  • the server 700 may also comprise one or more boot processor(s) 714 and system processors 716.
  • Boot processor 714 may aid in system start-up.
  • the system processor(s) 716 can include a central processing unit (CPU), a graphics processing unit (GPU), or both CPU and GPU, or any other sort of processing unit.
  • the server 700 may also include one or more of removable storage 718, non-removable storage 720, one or more transceiver(s) 722, output device(s) 724, and input device(s) 726.
  • System processor 716 may be configured to receive a request to connect to an external device (e.g., UE 130 or another server 700).
  • System processor 716 may request (e.g., from Node 110) attestation of the external device.
  • attestation may be a self-attestation stored on a ledger of the Attestation Node 110.
  • the system processor 716 may either establish a connection with the external device (if the external device is determined to be valid), or deny the request to connect to the external device (if the external device is determined to be compromised).
  • the server 700 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape. Such additional storage is illustrated in FIG. 7 by removable storage 718 and non-removable storage 720.
  • the removable storage 718 and non-removable storage 720 may store some, or all, of the OS 710, hypervisor 713, and connection app 704.
  • Non-transitory computer-readable media may include volatile and nonvolatile, removable and non-removable tangible, physical media implemented in technology for storage of information, such as computer readable instructions, data structures, program modules, or other data.
  • the memory 702, removable storage 718, and non-removable storage 720 are all examples of non-transitory computer-readable media.
  • Non-transitory computer-readable media include, but are not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, DVDs or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other tangible, physical medium which may be used to store the desired information, and which can be accessed by the server 700. Any such non-transitory computer-readable media may be part of the server 700 or may be a separate database, databank, remote server, or cloud-based server.
  • the transceiver(s) 722 include any sort of transceivers known in the art.
  • the transceiver(s) 722 may include a wireless modem to facilitate wireless connectivity with UEs 130, additional servers, the Internet, and/or an intranet via a cellular connection.
  • the transceiver(s) 722 may include a radio transceiver that performs the function of transmitting and receiving radio frequency communications via an antenna (e.g., Wi-Fi or Bluetooth®).
  • the transceiver(s) 722 may include wired communication components, such as a wired modem or Ethernet port, for communicating with the other UEs or the provider's Internet-based network.
  • the transceiver(s) 722 may transmit requests to and receive attestation information from Attestation Node(s) 110, and send messages to UEs 130, among other things.
  • the output device(s) 724 may include any sort of output devices known in the art, such as a display (e.g., a liquid crystal or thin-film transistor (TFT) display), a touchscreen display, speakers, a vibrating mechanism, or a tactile feedback mechanism.
  • the output devices may play various sounds based on, for example, whether the server 700 is connected to a network, the type of data being received (e.g., a match vs. a request for service listings), when SIM-OTA messages are being transmitted, etc.
  • Output device(s) 724 may also include ports for one or more peripheral devices, such as headphones, peripheral speakers, or a peripheral display.
  • input device(s) 726 include any sort of input devices known in the art.
  • the input device(s) 726 may include a camera, a microphone, a keyboard/keypad, or a touch-sensitive display.
  • a keyboard/keypad may be a standard pushbutton alphanumeric, multi-key keyboard (such as a conventional QWERTY keyboard), virtual controls on a touchscreen, or one or more other types of keys or buttons, and may also include a joystick, wheel, and/or designated navigation buttons, or the like.
  • FIG. 8 depicts a conventional cellular network 800 including 2G 802, 3G 804, 4G long-term evolution (LTE) 806, and 5G 828 components.
  • future technologies such as, for example, 5G and device-to-device (D2D) components could also be included and are contemplated herein.
  • Many of the "back-end" components of network 800 could handle some, or all, of system environment 100 and methods 200a, 200b, 200c, 300, 400, 500 associated with remote device security attestation and manipulation detection.
  • data may be routed from the Internet or other sources using a circuit switched modem connection (or non-3GPP connection), which provides relatively low data rates, or via IP based packet switched 810 connections, which results in higher bandwidth.
  • SAE GW service architecture evolution gateway
  • UE 130 also has wireless local area network (WLAN) 814 capabilities, in some cases enabling even higher throughput.
  • cellular carriers may use WLAN communications in addition to, or instead of, cellular communications to supplement bandwidth.
  • Serving GPRS support node (SGSN) 816 is a main component of the general packet radio service (GPRS) network, which handles all packet switched data within the network 800 (e.g., the mobility management and authentication of the users).
  • MSC 818 essentially performs the same functions as SGSN 816 for voice traffic.
  • MSC 818 is the primary service delivery node for global system for mobile communication (GSM) and code division multiple access (CDMA), responsible for routing voice calls and short messaging service (SMS) messages, as well as other services (such as conference calls, fax, and circuit switched data).
  • MSC 818 sets up and releases the end-to-end connection, handles mobility and hand-over requirements during the call, and takes care of charging and real-time pre-paid account monitoring.
  • mobility management entity (MME) 820 is the key control-node for 4G LTE network 806 and 5G 828. It is responsible for idle mode UE 130 paging and tagging procedures including retransmissions. MME 820 is involved in the bearer activation/deactivation process and is also responsible for choosing SAE GW 812 for UE 130 at the initial attach and at time of intra-LTE handover involving Core Network (CN) node relocation (i.e., switching from one cell tower to the next when traveling). MME 820 is responsible for authenticating the user (by interacting with the HSS 822 discussed below).
  • the Non-Access Stratum (NAS) signaling terminates at the MME 820 and it is also responsible for generation and allocation of temporary identities to UE 130.
  • the MME 820 also checks the authorization of UE 130 to camp on the service provider's HPLMN or VPLMN and enforces UE 130 roaming restrictions on the VPLMN. MME 820 is the termination point in the network for ciphering/integrity protection for NAS signaling and handles the security key management.
  • MME 820 also provides the control plane function for mobility between LTE 806 and 2G 802/3G 804 access networks with an S3 interface terminating at MME 820 from SGSN 816.
  • MME 820 also terminates an S7a interface towards home HSS 822 for roaming UE 130.
  • MME 820 may be configured to respond to an initial attach request by sending a create session request to a network slice selector, also referred to herein as a slice selector and/or a network selector.
  • the create session request may be sent over a logical communication interface that is referred to as an NG4 interface.
  • the NG4 interface typically is used for messaging between the control plane function and the user plane forwarding function of a 5G network.
  • aspects of the present disclosure may be implemented within containerization of Software Defined Networks (SDN) of 5G nodes, and/or Network Function Virtualization (NfV).
  • the network slice selector may determine which of the available network slices should be used to provide services for UE 130 and may redirect the create session request to the selected network slice.
  • the create session request may be directed to a gateway component of the selected network slice.
  • the gateway component may comprise a user plane forwarding function.
  • HSS/HLR 822 is a central database that contains user-related and subscription-related information.
  • the functions of HSS/HLR 822 include functionalities such as mobility management, call and session establishment support, user authentication and access authorization.
  • HSS, which is used for LTE connections, is based on the previous HLR and Authentication Center (AuC) from CDMA and GSM technologies, with each serving substantially the same functions for their respective networks.
  • the policy and charging rules function (PCRF) 824 is a software node that determines policy rules in network 800.
  • PCRF 824 generally operates at the network core and accesses subscriber databases (e.g., HSS/HLR 822) and other specialized functions, such as enhanced e911 call handling, in a centralized manner.
  • PCRF 824 is the main part of network 800 that aggregates information to and from network 800 and other sources (e.g., IP networks 810).
  • PCRF 824 may support the creation of rules and then may automatically make policy decisions for each subscriber active on network 800.
  • PCRF 824 may also be integrated with different platforms like billing, rating, charging, and subscriber database or may also be deployed as a standalone entity.
  • 3GPP AAA server 826 performs authentication, authorization, and accounting (AAA) functions (e.g., call routing 807 and/or white listing 808) and may also act as an AAA proxy server.
  • For WLAN 814 access to (3GPP) IP networks 810, 3GPP AAA Server 826 provides authorization, policy enforcement, and routing information to various WLAN components.
  • 3GPP AAA Server 826 may generate and report charging/accounting information, perform offline charging control for WLAN 814, and perform various protocol conversions when necessary.
  • while the system environment 100 and methods 200a, 200b, 200c, 300, 400, 500 above are discussed with reference to use with cellular communications, for instance, the system environment 100 and methods 200a, 200b, 200c, 300, 400, 500 can also be used for other types of wired and wireless communications.
  • while functions are discussed as being performed on UE 130, by Provider 120, or by Nodes 110, other components could perform the same or similar functions without departing from the scope of the present invention as defined by the appended claims.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
EP20178351.1A 2019-07-09 2020-06-04 Systèmes et procédés pour une connexion et une communication de point d'extrémité sécurisées Active EP3764259B1 (fr)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US16/505,846 US11516663B2 (en) 2019-07-09 2019-07-09 Systems and methods for secure endpoint connection and communication

Publications (2)

Publication Number Publication Date
EP3764259A1 true EP3764259A1 (fr) 2021-01-13
EP3764259B1 EP3764259B1 (fr) 2024-09-04

Family

ID=70977866

Family Applications (1)

Application Number Title Priority Date Filing Date
EP20178351.1A Active EP3764259B1 (fr) 2019-07-09 2020-06-04 Systèmes et procédés pour une connexion et une communication de point d'extrémité sécurisées

Country Status (2)

Country Link
US (1) US11516663B2 (fr)
EP (1) EP3764259B1 (fr)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3101990B1 (fr) * 2019-10-11 2023-01-13 Amadeus Sas Fourniture de machines virtuelles pour une intégration centralisée avec des périphériques incluant des dispositifs biométriques
US11425124B2 (en) * 2020-06-29 2022-08-23 Lenovo Enterprise Solutions (Singapore) Pte. Ltd. Method for cloud assisted authorization of IoT identity bootstrapping
CN114969769A (zh) * 2021-02-24 2022-08-30 华为技术有限公司 一种访问控制方法、电子设备及系统
CN115081010A (zh) * 2021-03-16 2022-09-20 华为技术有限公司 分布式的访问控制方法、相关装置及系统
CN115114619A (zh) * 2021-03-23 2022-09-27 华为技术有限公司 一种访问控制的方法、电子设备及系统

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140137115A1 (en) * 2012-08-20 2014-05-15 Bitdefender IPR Management Ltd. Secure Communication Using a Trusted Virtual Machine
WO2018162060A1 (fr) * 2017-03-08 2018-09-13 Huawei Technologies Co., Ltd. Procédés et dispositifs pour attester l'intégrité d'une machine virtuelle
US20190007378A1 (en) * 2017-06-28 2019-01-03 Microsoft Technology Licensing, Llc Shielded networks for virtual machines
US20190075130A1 (en) * 2015-02-20 2019-03-07 Authentic8, Inc. Secure application for accessing web resources

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070050765A1 (en) 2005-08-30 2007-03-01 Geisinger Nile J Programming language abstractions for creating and controlling virtual computers, operating systems and networks
US8776169B2 (en) 2010-03-30 2014-07-08 Authentic8, Inc. Disposable browsers and authentication techniques for a secure online user environment
US9239909B2 (en) 2012-01-25 2016-01-19 Bromium, Inc. Approaches for protecting sensitive data within a guest operating system
US10044695B1 (en) 2014-09-02 2018-08-07 Amazon Technologies, Inc. Application instances authenticated by secure measurements
US9246690B1 (en) 2014-09-03 2016-01-26 Amazon Technologies, Inc. Secure execution environment services
US10778720B2 (en) * 2015-06-12 2020-09-15 Teleputers, Llc System and method for security health monitoring and attestation of virtual machines in cloud computing systems
US10050947B2 (en) * 2016-01-28 2018-08-14 Cisco Technology, Inc. Key distribution in a distributed network environment
US11153303B2 (en) * 2017-11-15 2021-10-19 Citrix Systems, Inc. Secure authentication of a device through attestation by another device

Also Published As

Publication number Publication date
US11516663B2 (en) 2022-11-29
EP3764259B1 (fr) 2024-09-04
US20210014683A1 (en) 2021-01-14

Similar Documents

Publication Publication Date Title
EP3764259B1 (fr) Systems and methods for secure endpoint connection and communication
CN114080843B (zh) Apparatus, system and method for enhancing the network slicing and policy framework of 5G networks
US11690005B2 (en) Network slice for visited network
US11503004B2 (en) Distributed IPSec gateway
US11102828B2 (en) User plane function selection for isolated network slice
CN110786034B (zh) Method, user equipment and function node for network slice privacy considerations
US20180288095A1 (en) Method and system to secure and dynamically share iot information cross multiple platforms in 5g network
EP3739483B1 (fr) Systems and methods for remote device attestation and security tampering detection
JP2018510578A (ja) Authentication and key agreement with perfect forward secrecy
AU2018429762B2 (en) Use of identity data associated with a device for directing communications to another device
EP3893536A1 (fr) Method, device and system for improving inter-network access security
WO2021063298A1 (fr) Authentication implementation method, communication device, and communication system
US11706614B2 (en) Direct SMF control plane with gNB
US20230397006A1 (en) System and method for establishing end-to-end secure communication using per-session validation
Kantor et al. A policy-based per-flow mobility management system design
US20240129730A1 (en) Authentication Indication for Edge Data Network Relocation
Moser et al. Extending software defined networking to end user devices
US11277734B2 (en) Systems and methods for secure automatic system-network dual-activation
WO2024032218A1 (fr) Communication method and communication apparatus
EP4388785A1 (fr) Application interaction for network slicing

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN PUBLISHED

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20210713

RBV Designated contracting states (corrected)

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20230324

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 9/455 20180101ALI20240328BHEP

Ipc: H04L 9/40 20220101ALI20240328BHEP

Ipc: G06F 21/57 20130101ALI20240328BHEP

Ipc: G06F 21/53 20130101AFI20240328BHEP

INTG Intention to grant announced

Effective date: 20240423

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602020036927

Country of ref document: DE

U01 Request for unitary effect filed

Effective date: 20240926